961f7a5b57fa7efc37a0755518c12415_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

961f7a5b57fa7efc37a0755518c12415_JaffaCakes118
Size

76KB
MD5

961f7a5b57fa7efc37a0755518c12415
SHA1

4d19691bbdde5dd4de17499b83e262404107e390
SHA256

a4c325bdc2d760f280c1a7b4f81198b315353464a42fb8b53daa717a13428b9f
SHA512

747e731464a8c5fedda52e0c5eb9fea8f89d6f80a8ddb7ed089dac59a66eaf80b5bf7615fba875d15d6c126d709abfaabfc7f939da9e4e96b596e3d6a6fd8cc9
SSDEEP

1536:vA8AKzN8mQX77t8/sUsluPf32tx8H26habOTR:ooN8mQX77GF332i2cd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
961f7a5b57fa7efc37a0755518c12415_JaffaCakes118

Files

961f7a5b57fa7efc37a0755518c12415_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49d9dff4cda47db05b18499fcbf60225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
GetProcAddress
VirtualProtect
LoadLibraryA
lstrcmpiA
IsBadReadPtr
VirtualAlloc
CreateThread

user32

SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
KillTimer
SetTimer
DefWindowProcA

Exports

Exports

fgdfgddfgffg
sfgdfggtbfdb
start

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ